[cryptography] Asynchronous forward secrecy encryption
michael at briarproject.org
Wed Sep 18 10:49:46 EDT 2013
On 18/09/13 08:23, ianG wrote:
> If I compromise your first shared secret, does that mean every
> shared secret thereafter is compromised?
Yes. (Improvements are possible here, by sending and acking fresh key
material inside the encrypted envelopes, but that requires two-way
communication, so in the one-way case we'd always be vulnerable to the
initial secret being compromised.)
> How do you coordinate between endpoints for the rotation? Is it
> strictly time-based? Or is there some sense of "searching the
> space" by hashing forward multiple rotations until the message
It's strictly time-based. The rotation period is based on the maximum
latency of the communication channel and the maximum difference
between the endpoints' clocks, such that if the sender thinks it's
rotation period p at the time of sending, the recipient will think
it's no earlier than period p-1 and no later than period p+1 at the
time of receipt.
If the endpoints have very inaccurate clocks, you get longer rotation
periods but the protocol still works - as long as the endpoints know
roughly how inaccurate their clocks might be.
> Ah, but does it consider the pâté attack? ;)
Is that a type of meat-in-the-middle attack?
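The rotation scheme described in the message above, as an added example that is not Briar's code and not part of the original post. It assumes a hash-chain ratchet (secret_{p+1} = H(secret_p), old secrets erased), the recipient trying periods p-1, p and p+1 as the message states, and a toy SHA-256 counter-mode cipher with HMAC so the envelopes can be opened and checked offline. The period-length formula `max_latency + 2 * max_skew` is my derivation from the clock-error bound the message gives, and the numeric parameters are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed parameters; the original message gives no numbers.
MAX_LATENCY = 300     # seconds: longest delay the channel may introduce
MAX_CLOCK_SKEW = 120  # seconds: largest error either endpoint's clock may have


def rotation_period_length(max_latency, max_skew):
    """Period length L so that a sender in period p is received in p-1, p or p+1.

    My derivation, not the message's: each clock is off by at most max_skew and
    delivery takes at most max_latency, so recipient_clock - sender_clock lies in
    [-2*max_skew, max_latency + 2*max_skew]; with L >= max_latency + 2*max_skew
    the period numbers floor(clock / L) differ by at most one.
    """
    return max_latency + 2 * max_skew


def period_of(clock_seconds, period_length):
    return clock_seconds // period_length


def ratchet(secret):
    """One-way step secret_p -> secret_{p+1}. Erasing old secrets after rotation
    gives forward secrecy; compromising secret_p still yields all later ones."""
    return hashlib.sha256(b"rotate|" + secret).digest()


def _keys(secret):
    # Separate encryption and MAC keys derived from the period secret.
    return (hashlib.sha256(b"enc|" + secret).digest(),
            hashlib.sha256(b"mac|" + secret).digest())


def _keystream(enc_key, nonce, length):
    # Toy stream cipher (SHA-256 in counter mode); illustrative only.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(secret, plaintext):
    """Envelope = nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    enc_key, mac_key = _keys(secret)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(secret, envelope):
    """Return the plaintext, or None if the tag does not verify under this secret."""
    if len(envelope) < 48:
        return None
    nonce, ct, tag = envelope[:16], envelope[16:-32], envelope[-32:]
    enc_key, mac_key = _keys(secret)
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Endpoint:
    """Keeps secrets only for periods [current-1, current+1]; older ones are erased."""

    def __init__(self, initial_secret, initial_period, period_length):
        self.period_length = period_length
        self.secrets = {initial_period: initial_secret}
        self.current = initial_period

    def _ensure(self, period):
        hi = max(self.secrets)
        while hi < period:
            self.secrets[hi + 1] = ratchet(self.secrets[hi])
            hi += 1

    def advance(self, clock_seconds):
        """Rotate to the period the local clock indicates and erase anything older than current-1."""
        self.current = period_of(clock_seconds, self.period_length)
        self._ensure(self.current + 1)
        for p in list(self.secrets):
            if p < self.current - 1:
                del self.secrets[p]

    def send(self, clock_seconds, plaintext):
        self.advance(clock_seconds)
        return seal(self.secrets[self.current], plaintext)

    def receive(self, clock_seconds, envelope):
        """Try p-1, p, p+1 relative to the local clock; returns (period, plaintext) or None."""
        self.advance(clock_seconds)
        for p in (self.current - 1, self.current, self.current + 1):
            if p in self.secrets:
                pt = open_(self.secrets[p], envelope)
                if pt is not None:
                    return p, pt
        return None
```

With the constructed parameters the period is 540 seconds. A recipient whose clock runs up to 2*skew behind the sender, or up to latency + 2*skew ahead, still lands in the window; a recipient that has rotated two or more periods past the sender's period has erased that secret and cannot open the envelope, which is the forward-secrecy property. The last assertion below shows the limitation the message concedes: anyone holding one period's secret can ratchet forward and read later periods.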